Malware At Work: Why Managed Security Services Are Taking Off

Employees that spend part of their day visiting social networks, blogs and forums or checking personal webmail could be introducing malware and other threats to business systems, according to security experts surveyed in a recent study. Businesses are increasingly attempting to find alternative ways, including managed services, to address the problem.

Malware introduced by employees surfing the Web was the biggest concern, say the majority of security experts surveyed by Osterman Research. Nearly three-quarters of the 157 enterprise security professionals surveyed by Osterman said malware infiltrated the corporate network through Web surfing.

Businesses are now reaching out for help from managed security service providers. Seventy-eight percent of those surveyed said they have or are seeking cloud-based managed services to reduce the risk of malware infections.

Businesses are getting the message about malware and need assistance configuring and maintaining the security appliances they already have in place, said Vikram Singh, a systems manager at Shelton, Conn.-based SAI Systems International. In many cases, poorly configured firewalls and other security devices allow threats to easily penetrate the network, he said. Web security gateways are often in place but not tuned properly to restrict access to risky websites.

"There is a need for a much more stronger line of communication between the internal network and the devices and other cloud systems connected to it," Singh said. "Businesses are looking for a much more centralized access point to control the traffic flow, data leakage and remote connectivity."

The move to managed services in many cases also is to reduce labor costs, according to the Osterman study. Managing security appliances and addressing infections cost organizations more than $10 per user, per month, Osterman found.

About 56 percent of those surveyed said personal webmail was prohibited. Third-party instant messaging clients were the most restricted, the survey found, with 70 percent of the security professionals indicating their company either blocked or simply restricted their use.

Blocking and restricting access doesn't necessarily result in fewer infections and can irk employees, causing risks in other areas, say solution providers. Far too often organizations lack the visibility needed to determine if an attack is occurring or the nature of an attack, said J.J. Thompson, managing director and CEO of Rook Security, a consultancy and managed services provider based in Indianapolis. Companies that are proactive are using human analysts and metadata about attacker profiles to more quickly address and contain threats, Thompson said.

"There are companies spending millions on security right now and they're still getting [infected with malware]," Thompson said in a recent interview. "They spent on technology but their frameworks are not effective and they've got inefficient processes for detecting and responding to incidents."